Chef Automate - Azure Sydney User Group
Transcript of Chef Automate - Azure Sydney User Group
Chef Automate Overview
Azure Sydney User Group
September 20, 2017
Matt Ray
Manager, Solutions Architect – APJ
Chef [email protected] @mattray
We’re no longer an airline. We’re a software company with wings.
– Veresh Sita, CIO, Alaska Airlines
Every business is a software business
Infrastructure Automation Application Automation Compliance Automation
Workflow
Visibility
Compliance
Chef
▪ Manages deployment and on-going automation
▪ Define reusable resources and infrastructure state as code
▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
▪ Community, Certified Partner, and Chef supported content available for all common automation tasks
Infrastructure automation and delivery at scale
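# Windows: enable IIS and ASP.NET, then add an application pool
windows_feature "IIS-WebServerRole" do
  action :install
end

windows_feature "IIS-ASPNET" do
  action :install
end

iis_pool "FooBarPool" do
  runtime_version "4.0"
  action :add
end

# Linux: install Apache, render its config from a template, start the service
package "apache" do
  action :install
end

template "/etc/httpd/https.conf" do
  source "httpd.conf.erb"
  mode "0644" # owner read/write, group and others read-only
  owner "root"
  group "root"
end

service "apache2" do
  action :start
end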
PART OF A PROCESS OF CONTINUOUS COMPLIANCE
Scan for Compliance
Build & Test Locally
Build & Test CI/CD
Remediate
Verify
A SIMPLE EXAMPLE OF AN INSPEC CIS RULE
InSpec
▪ Translate compliance into Code
▪ Clearly express statements of policy
▪ Move risk to build/test from runtime
▪ Find issues early
▪ Write code quickly
▪ Run code anywhere
▪ Inspect machines, data, APIs, and Cloud platforms
Turn security and compliance into code
control 'windows-base-201' do
  title 'Strong Windows NTLMv2 Authentication Enabled; Weak LM Disabled'
  desc 'http://support.microsoft.com/en-us/kb/823659'
  impact 1.0 # highest severity
  describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa') do
    it { should exist }
    its('LmCompatibilityLevel') { should eq 4 }
  end
end
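To show how "move risk to build/test from runtime" can work in a pipeline, here is an added example (not from the talk or from Chef) of a CI gate that reads an InSpec JSON report and blocks on failed high-impact controls. The sample report is constructed, it assumes the JSON reporter's profiles/controls/results layout, and the function names and the 0.7 threshold are hypothetical choices.

```ruby
require 'json'

# Constructed sample shaped like `inspec exec PROFILE --reporter json` output.
# Profile name, extra control ids and messages are illustrative, not from the talk.
SAMPLE_REPORT = <<~'JSON'
  {"profiles":[{"name":"windows-baseline","controls":[
    {"id":"windows-base-201","impact":1.0,
     "results":[
       {"status":"passed","code_desc":"Registry Key Lsa should exist"},
       {"status":"failed","code_desc":"Registry Key LmCompatibilityLevel should eq 4",
        "message":"expected: 4 got: 3"}]},
    {"id":"example-low-impact","impact":0.3,
     "results":[{"status":"failed","code_desc":"constructed check"}]},
    {"id":"example-skipped","impact":0.7,
     "results":[{"status":"skipped","code_desc":"not applicable"}]}
  ]}]}
JSON

# Returns one entry per control that has a failed result and impact >= min_impact.
def blocking_failures(report_json, min_impact: 0.7)
  report = JSON.parse(report_json)
  report.fetch('profiles', []).flat_map do |profile|
    profile.fetch('controls', []).map do |control|
      failed = (control['results'] || []).select { |r| r['status'] == 'failed' }
      # A control without an impact is treated as worst case so it cannot slip past the gate.
      impact = (control['impact'] || 1.0).to_f
      next if failed.empty? || impact < min_impact

      { id: control['id'], impact: impact, checks: failed.map { |r| r['code_desc'] } }
    end.compact
  end
end

# 0 lets the build continue, 1 stops it; a CI wrapper would pass this to `exit`.
def gate_exit_code(report_json, min_impact: 0.7)
  blocking_failures(report_json, min_impact: min_impact).empty? ? 0 : 1
end

blocking_failures(SAMPLE_REPORT).each do |f|
  puts "BLOCK #{f[:id]} (impact #{f[:impact]}): #{f[:checks].join('; ')}"
end
puts "gate exit code: #{gate_exit_code(SAMPLE_REPORT)}"
```

Skipped controls do not block here; a stricter gate could count them as failures so an unscanned setting is never reported as compliant.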
Why InSpec + Chef + Microsoft?
Habitat
▪ Ease the burden of managing microservice apps and bring benefits of apps architected for microservices to traditional applications
▪ Gain consistent management of new and traditional applications across their lifecycle
▪ Provides application portability for new and traditional apps
▪ Autonomous nodes self-manage runtime state of application based upon policy you define
▪ APIs expose application behaviors as data for better management
▪ Works in tandem with infrastructure automation
▪ Makes applications running on containers, PaaS, virtual machines, bare metal, … better
Automation that travels with the app
Chef and Microsoft Integrations
• Chef Automate now live on the Azure Marketplace and Azure Gov Cloud
• Supports Azure Stack
• Continue to enhance Chef VM Extension (Linux & Windows)
• OMS integration with Chef client and server
• Knife, Test Kitchen, and InSpec plugins for Azure
Azure/OMS
• Support for PowerShell DSC since 2014, WMF 5.0 support added
• New Chef Client resources added, continued focus to bring popular resources into the “core” Chef Client
• Windows Server 2016 and Nano Server as supported platforms as well as Windows Container support
• ChefDK is now supported on Client and Server platforms
• Chef Supermarket contains Windows-specific cookbooks
• Test Kitchen support for Windows via WinRM and SSH
• InSpec resources for Windows
• Habitat support for Windows
Windows
• Chef VSCode extension for syntax and tooling plugins
• Chef and InSpec Extensions for Visual Studio Team Services (VSTS)
• Working with Visual Studio engineering team on other possible integrations/white space, possibly around InSpec & Habitat
Visual Studio
The Chef Automate Platform
Continuous Automation for High Velocity IT
Workflow • Local development • Integration • Tooling (APIs & SDKs)
COLLABORATE
▪ Package
▪ Test
▪ Approve
BUILD
▪ Provision
▪ Configure
▪ Execute
▪ Update
DEPLOY
▪ Secure
▪ Comply
▪ Audit
▪ Measure
▪ Log
MANAGE
Infrastructure Automation Compliance Automation Application Automation
OSS AUTOMATION ENGINES
Increase Speed
▪ Package infrastructure and app configuration as code
▪ Continuously automate infrastructure and app updates
Improve Efficiency
▪ Define and execute standard workflows and automation
▪ Audit and measure effectiveness of automation
Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as part of standard workflow
Chef Automate Demo
inspec-azure
● https://github.com/chef/inspec-azure
● Azure Ruby SDK
● Will be merged into core InSpec
inspec-azure
azure_resource_group
azure_vm
azure_vm_datadisks
inspec-azure
Dig into the new way of learning about Chef, Automation, and DevOps.
Self-paced training on Linux and Windows and much more!
learn.chef.io